Dear Peer-Christoph, Compaq's Tru64 Unix guards itself against this by setting a limit for the number of processes that can be run simultaneously under a given uid. This limit (max-proc-per-user) is a kernel run-time configuration option (root is exempt). I'm sure Convex-OS had something similar when I used it back in the early 90s; it is something I would expect in a mature operating system. It is true that you can never completely guard against problems of this nature, but I believe one should at least try. This particular problem is nasty because (a) it happens very quickly (b) it is easy to do by mistake I administer a system used by 100s of undergraduates and will be moving from Tru64 to Linux in the summer; I think it would be a very good thing if Linux protected itself against this kind of thing. My users don't deliberately try to kill the system (they would be lynched if they did) but they certainly make mistakes. Bob On Mon, 23 Apr 2001, Peer-Christoph Mettelem wrote:
Hi,
I just wrote a shell script which looks like this: while true do $0 done
I executed it as normal user and then the following happened: As you can imagine, very many shells were started (i wasnt able to count them because the system wasnt responding any more). And then the system started killing system processes like X and smbd. I got the following output on console 10: Apr 23 09:11:54 AlBundy kernel: VM: killing process kmail Apr 23 09:12:52 AlBundy kernel: VM: killing process smbd Apr 23 09:13:03 AlBundy kernel: VM: killing process smbd Apr 23 09:13:05 AlBundy kernel: VM: killing process xconsole Apr 23 09:13:13 AlBundy kernel: VM: killing process X
The system recovered itself by killing X. That worked because i started the script from a shell in KDE. But if the script would be started within a telnet session, it could be more dangerous.
I dont know if this is a security hole, but it might be.
My system: SuSE 7.0 (kernel 2.2.18) Lots of updates and patches installed PII 350 MHz 320 MB RAM
Peer-Christoph Mettelem BezRegMS (NRW, Germany) Software developer (trainee)
PS.: This is my first mail to the mailing list. Sorry if its OT or something...
============================================================== Bob Vickers R.Vickers@cs.rhul.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhul.ac.uk/home/bobv Phone: +44 1784 443691